5.5
CVE-2021-47289
- EPSS 0.24%
- Veröffentlicht 21.05.2024 15:15:16
- Zuletzt bearbeitet 23.12.2024 16:46:39
- CVE-Watchlists
- Unerledigt
ACPI: fix NULL pointer dereference
In the Linux kernel, the following vulnerability has been resolved:
ACPI: fix NULL pointer dereference
Commit 71f642833284 ("ACPI: utils: Fix reference counting in
for_each_acpi_dev_match()") started doing "acpi_dev_put()" on a pointer
that was possibly NULL. That fails miserably, because that helper
inline function is not set up to handle that case.
Just make acpi_dev_put() silently accept a NULL pointer, rather than
calling down to put_device() with an invalid offset off that NULL
pointer.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 5.4.139
Linux ≫ Linux Kernel Version >= 5.5 < 5.10.57
Linux ≫ Linux Kernel Version >= 5.11 < 5.13.6
Linux ≫ Linux Kernel Version5.14 Updaterc1
Linux ≫ Linux Kernel Version5.14 Updaterc2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.142 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
https://git.kernel.org/stable/c/38f54217b423c0101d03a00feec6fb8ec608b12e
https://git.kernel.org/stable/c/cae3fa3d8165761f3000f523b11cfa1cd35206bc
https://git.kernel.org/stable/c/ccf23a0888077a25a0793a746c3941db2a7562e4
https://git.kernel.org/stable/c/fc68f42aa737dc15e7665a4101d4168aadb8e4c4